Comments on: How to Fix PHP Vulnerabilities (So Your Site Won’t Get Hacked) http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/ /* PHP & MySQL Journal */ Fri, 27 Jan 2012 16:39:42 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: sameer http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-2259 sameer Tue, 17 Aug 2010 07:20:18 +0000 http://www.codediesel.com/?p=2660#comment-2259 Well this are guidelines, you have to implement it yourself. Most modern software take most of the precautions to prevent hackers from penetrating the sites. But there are other factors then the actual software, like security of the hosting provider. Even if SMF is secure, the server on which it is installed may not be. You can modify the code without violating any copyrights of the maker (I'm talking about SMF here, other software licenses maybe different.) Well this are guidelines, you have to implement it yourself. Most modern software take most of the precautions to prevent hackers from penetrating the sites. But there are other factors then the actual software, like security of the hosting provider. Even if SMF is secure, the server on which it is installed may not be. You can modify the code without violating any copyrights of the maker (I’m talking about SMF here, other software licenses maybe different.)

]]> By: internet http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-2258 internet Tue, 17 Aug 2010 03:39:00 +0000 http://www.codediesel.com/?p=2660#comment-2258 How can this be implemented in a forum site powered by SMF? I've seen some forum sites being hacked. The php codes are already included in the installation package? Do we have to modify the codes? Will it violate rights of software maker? How can this be implemented in a forum site powered by SMF? I’ve seen some forum sites being hacked. The php codes are already included in the installation package? Do we have to modify the codes? Will it violate rights of software maker?

]]> By: Hisham Muteb http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-1982 Hisham Muteb Thu, 27 May 2010 09:35:32 +0000 http://www.codediesel.com/?p=2660#comment-1982 yes it is not php fault it is depend on the programmer and his code and yes @Bruno Cassol I am agree with you "You can make the same mistakes with any programming language" at the end it is good article yes it is not php fault
it is depend on the programmer and his code
and yes @Bruno Cassol I am agree with you
“You can make the same mistakes with any programming language”
at the end it is good article

]]> By: Irina http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-1979 Irina Thu, 27 May 2010 06:42:35 +0000 http://www.codediesel.com/?p=2660#comment-1979 Great article! Thanks for the info! Great article! Thanks for the info!

]]> By: Bruno Cassol http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-1976 Bruno Cassol Thu, 27 May 2010 01:40:37 +0000 http://www.codediesel.com/?p=2660#comment-1976 None of those are PHP's fault. You can make the same mistakes with any programming language. Use a framework and it will enforce good practices. Please stop blaming PHP for such things that are caused by poor programmers. None of those are PHP’s fault. You can make the same mistakes with any programming language. Use a framework and it will enforce good practices.

Please stop blaming PHP for such things that are caused by poor programmers.

]]> By: Jim O'Halloran http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-1975 Jim O'Halloran Wed, 26 May 2010 23:59:09 +0000 http://www.codediesel.com/?p=2660#comment-1975 I disagree with the characterization of these as "PHP vulnerabilities". None of the above are vulnerabilities in PHP itself, they're vulnerabilities in the code you write using PHP. Secondly, if you're dealing with credit card numbers, think very seriously about whether to store them at all. In most cases you can put up a form, collect the card number and pass it off to your payment gateway immediately without storing it. If they're not stored permanently the chances of their being compromised are daramtically lower, Of course, you should NEVER accept a credit card umber over a http connection, always use SSL (https) with a certificate from a reputable supplier. Finally, a minor correction. PDO stands for PHP Data Objects, not Portable Data Objects. Jim. I disagree with the characterization of these as “PHP vulnerabilities”. None of the above are vulnerabilities in PHP itself, they’re vulnerabilities in the code you write using PHP.

Secondly, if you’re dealing with credit card numbers, think very seriously about whether to store them at all. In most cases you can put up a form, collect the card number and pass it off to your payment gateway immediately without storing it. If they’re not stored permanently the chances of their being compromised are daramtically lower, Of course, you should NEVER accept a credit card umber over a http connection, always use SSL (https) with a certificate from a reputable supplier.

Finally, a minor correction. PDO stands for PHP Data Objects, not Portable Data Objects.

Jim.

]]> By: mike http://www.codediesel.com/php/how-to-fix-php-vulnerabilities/comment-page-1/#comment-1972 mike Tue, 25 May 2010 19:45:03 +0000 http://www.codediesel.com/?p=2660#comment-1972 Thank you for this nice article ! :) Thank you for this nice article ! :)

]]>